<?php 
//connect to mysql database
require("config.php");
// Resume (or create) the visitor's session so the login state can be inspected.
session_start();

// A customer who is already signed in does not need the login form: redirect
// to the home page and stop before any of the form handling below can run.
if (isset($_SESSION['customer'])) {
	header('location: ../index.php');
	exit;
}
?>
<?php
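// Handle a submitted login form: look the customer up by username, verify the
// password hash, and on success populate the session and redirect to the home
// page. Every failure path ends the request with die().
//
// Both fields must be present AND be plain strings. A request that sends
// username[]=x would otherwise hand an array to preg_replace() and the result
// would be interpolated into the query below.
if (
	isset($_POST["username"], $_POST["password"])
	&& is_string($_POST["username"])
	&& is_string($_POST["password"])
) {
	// Keep only ASCII letters and digits. This whitelist is the only thing that
	// makes the string-built query below safe, so it must not be relaxed without
	// first moving the lookup to a parameterized query.
	$customer = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]);

	// NOTE(review): the password goes through the same filter before hashing, so
	// every non-alphanumeric character the user typed is silently dropped and the
	// effective password is weaker than what was entered. Left unchanged because
	// the stored hashes were presumably created from the filtered value — confirm
	// against the registration code before changing it.
	$cus_pass = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]);

	// $customer is limited to [A-Za-z0-9] above, so it cannot terminate the
	// quoted literal. NOTE(review): the mysql_* extension was removed in PHP 7;
	// the lookup should move to PDO/mysqli prepared statements together with
	// config.php, which owns the connection.
	$result = mysql_query("SELECT * FROM customers WHERE u_name='$customer';");

	if ($result === false) {
		// A failed query used to fall through to the "user does not exist" branch
		// (false == 0). Report it as an outage instead and keep the detail in the
		// server log only.
		error_log('Customer login query failed: ' . mysql_error());
		die('Login is temporarily unavailable, please try again later.');
	}

	$matches = mysql_num_rows($result);

	// NOTE(review): the two messages below differ for "unknown user" and "wrong
	// password", which lets anyone probing the form learn which usernames exist.
	// Kept as-is because the wording is user-facing; consider one shared message.
	if ($matches === 0) {
		die('That user does not exist in our database. <a href=../register.php>Click Here to Register</a>');
	}

	if ($matches === 1) {
		$row = mysql_fetch_array($result);

		// NOTE(review): unsalted MD5 is not a password hash. Migrating to
		// password_hash()/password_verify() requires re-hashing stored credentials
		// and cannot be done from this file alone.
		$cus_pass = md5($cus_pass);

		// Strict comparison on purpose: with a loose != two different hex digests
		// that both look numeric (for example "0e" followed only by digits) are
		// compared as numbers and treated as equal. Prefer hash_equals() once the
		// runtime is known to be PHP 5.6 or newer.
		if ($row === false || $cus_pass !== $row['password']) {
			die('Incorrect password, please try again. <a href="javascript: history.go(-1)"> Go Back. </a>');
		}

		// Issue a fresh session id at the privilege change so an id that was set
		// before authentication (session fixation) is not carried into the
		// logged-in session.
		session_regenerate_id(true);

		$_SESSION["id"] = $row["id"];
		$_SESSION["customer"] = $customer;
		// NOTE(review): keeping the password hash in the session exposes it to
		// anything that can read session storage. Retained only because other pages
		// may read this key — verify and remove it if nothing does.
		$_SESSION["password"] = $cus_pass;
		header("location: ../index.php");
		exit();
	}

	// More than one row for the same username: as before, no session is created
	// and nothing is printed. NOTE(review): u_name should carry a UNIQUE
	// constraint so this state cannot occur.
}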


?>